An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/2

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/3

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/4

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/5

MITRE https://github.com/yashpatelphd/CVE-2024-29440

MITRE disputed

Title: ROS2 Humble Hawksbill
Description: Se ha descubierto una vulnerabilidad de acceso no autorizado en las versiones de ROS2 Humble Hawksbill donde ROS_VERSION es 2 y ROS_PYTHON_VERSION es 3. Esta vulnerabilidad podría permitir potencialmente que un usuario malintencionado obtenga acceso no autorizado a múltiples nodos ROS2 de forma remota. El acceso no autorizado a estos nodos podría comprometer la integridad del sistema, la ejecución de comandos arbitrarios y la divulgación de información confidencial.